This topic describes the common errors and provides answers to some commonly asked questions about the IP address whitelist settings of an ApsaraDB RDS for SQL Server instance.
|No IP address whitelists are configured. Your RDS instance has only one default IP address whitelist. The default IP address whitelist contains only the 127.0.0.1 IP address.||The 127.0.0.1 IP address indicates that no devices can access your RDS instance.||Add the IP addresses of the specified devices to an IP address whitelist.|
|The 0.0.0.0 entry is added to an IP address whitelist during a connectivity test.||The format of the 0.0.0.0 entry is invalid.||Change the 0.0.0.0 IP address to the 0.0.0.0/0 Classless Inter-Domain Routing (CIDR)
Notice The 0.0.0.0/0 CIDR block indicates that all IP addresses are granted access to your RDS instance. We recommend that you add this CIDR block only for a connectivity test. When you run online workloads, do not add this CIDR block to an IP address whitelist.
|The public IP addresses in a configured IP address whitelist are inaccessible.||
||For more information, see How SQL Server determines the public IP address of an external Server or client.|
- After I configure an IP address whitelist for my RDS instance, does the IP address
whitelist immediately take effect?
After you configure an IP address whitelist for your RDS instance, the IP address whitelist requires about 1 minute to take effect.
- What are the IP address whitelists labeled ali_dms_group and hdm_security_ips?
When you connect to your RDS instance from other Alibaba Cloud services, these services generate IP address whitelists upon your authorization. The generated IP address whitelists contain the IP addresses of the servers on which these services run. The IP address whitelist labeled ali_dms_group is generated by Data Management (DMS). The IP address whitelist labeled hdm_security_ips is generated by Database Autonomy Service (DAS). Do not modify or delete the IP address whitelists. If you modify or delete the IP address whitelists, these services cannot access your RDS instance. These services do not perform operations on your business data.
- If I disable Internet access and enable only internal network access, is my RDS instance exposed to security risks? We recommend that you migrate your RDS instance to a virtual private cloud (VPC). For more information, see Change the network type of an ApsaraDB RDS for SQL Server instance.